Bump globals from 17.4.0 to 17.5.0

[dependabot]

Bumps globals from 17.4.0 to 17.5.0.

Release notes

Sourced from globals's releases.

v17.5.0

• Update globals (2026-04-12) (#342) 5d84602

---

sindresorhus/globals@v17.4.0...v17.5.0

Commits

• b8170c8 17.5.0
• 5d84602 Update globals (2026-04-12) (#342)
• 1b727e5 Fix build script for ES globals (#341)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[fossabot]

[fossabot]

✓ Safe to upgrade

I recommend merging this upgrade because the changes are purely additive and confined to ESLint developer tooling with zero runtime impact. The upgrade adds new browser global identifiers (AudioPlaybackStats, TimelineTrigger, TimelineTriggerRange, TimelineTriggerRangeList) and introduces an es2027 environment — none of which affect the project's existing globals.node and globals.mocha usage. Browser globals are deliberately disabled via "off" mappings in eslint.config.mjs, so any newly added browser globals will simply be suppressed in the same way. No breaking API changes, no security concerns, and no runtime dependencies are involved. The reported 'runtime version mismatch' (project: Node 24, package minimum: Node 18) is not a compatibility issue — Node 24 fully satisfies a Node >= 18 requirement.

What we checked

• The globals package is declared as "^17.5.0" in devDependencies, confirming it has no influence on application runtime or production bundles. ^[1]
• The globals package is imported and used only in this ESLint configuration file — no other files in the project reference it. ^[2]
• globals.browser entries are all mapped to "off" using Object.fromEntries(...map(..., [key] => [key, 'off'])). Any newly added browser globals (AudioPlaybackStats, TimelineTrigger, etc.) will automatically be set to "off" as well — the spread pattern is future-proof and requires no code changes. ^[3]
• globals.node is spread directly as enabled globals. The upgrade introduces no changes to the Node.js global set, so this usage is unaffected. ^[4]
• globals.mocha is spread directly as enabled globals. The upgrade introduces no changes to the Mocha global set, so this usage is unaffected. ^[5]
• Project declares "node": ">= 24.0.0" in engines. The upgraded globals package's minimum Node requirement of Node 18 is fully satisfied by the project's Node 24 environment — there is no actual runtime incompatibility. ^[6]

Dependency Usage

The globals package is used exclusively within the project's ESLint configuration (eslint.config.mjs), making it a developer tooling dependency with no impact on application runtime behavior. It supplies predefined global variable sets for browser, node, and mocha environments, allowing ESLint to correctly identify and lint code across these contexts — for example, disabling browser globals while enabling Node.js and Mocha test globals. This reflects a standard linting infrastructure pattern where environment-specific global definitions ensure code quality checks are appropriately scoped to the project's Node.js and test execution environments.

• The globals package is imported and used only in this ESLint configuration file — no other files in the project reference it.
  eslint.config.mjs:6
• globals.browser entries are all mapped to "off" using Object.fromEntries(...map(..., [key] => [key, 'off'])). Any newly added browser globals (AudioPlaybackStats, TimelineTrigger, etc.) will automatically be set to "off" as well — the spread pattern is future-proof and requires no code changes.
  eslint.config.mjs:39

View 2 more usages

• globals.node is spread directly as enabled globals. The upgrade introduces no changes to the Node.js global set, so this usage is unaffected.
  eslint.config.mjs:40
• globals.mocha is spread directly as enabled globals. The upgrade introduces no changes to the Mocha global set, so this usage is unaffected.
  eslint.config.mjs:41

Changes

globals was updated to add browser environment support for new Web API identifiers (AudioPlaybackStats, TimelineTrigger, TimelineTriggerRange, TimelineTriggerRangeList) and introduce a complete ES2027 environment definition with the full standard ECMAScript global set. The internal puppeteer devDependency was also bumped.

• Added new global identifier 'AudioPlaybackStats' to browser environment (v17.5.0, package source)
• Added new global identifiers 'TimelineTrigger', 'TimelineTriggerRange', and 'TimelineTriggerRangeList' to browser environment (v17.5.0, package source)
• Added support for ES2027 environment with full set of global identifiers including all standard ECMAScript globals (Atomics, BigInt, BigInt64Array, BigUint64Array, Boolean, DataView, Date, and 60+ additional globals) (v17.5.0, package source)

View 1 more change

• Updated puppeteer devDependency from ^24.37.5 to ^24.40.0 (v17.5.0, package source)

References (6)

[1]: The globals package is declared as "^17.5.0" in devDependencies, confirming it has no influence on application runtime or production bundles.

fossa-action/package.json

Line 36 in a8e3ea0

"globals": "^17.5.0",

[2]: The globals package is imported and used only in this ESLint configuration file — no other files in the project reference it.

fossa-action/eslint.config.mjs

Line 6 in a8e3ea0

import globals from "globals";

[3]: globals.browser entries are all mapped to "off" using Object.fromEntries(...map(..., [key] => [key, 'off'])). Any newly added browser globals (AudioPlaybackStats, TimelineTrigger, etc.) will automatically be set to "off" as well — the spread pattern is future-proof and requires no code changes.

fossa-action/eslint.config.mjs

Line 39 in a8e3ea0

...Object.fromEntries(Object.entries(globals.browser).map(([key]) => [key, "off"])),

[4]: globals.node is spread directly as enabled globals. The upgrade introduces no changes to the Node.js global set, so this usage is unaffected.

fossa-action/eslint.config.mjs

Line 40 in a8e3ea0

...globals.node,

[5]: globals.mocha is spread directly as enabled globals. The upgrade introduces no changes to the Mocha global set, so this usage is unaffected.

fossa-action/eslint.config.mjs

Line 41 in a8e3ea0

...globals.mocha,

[6]: Project declares "node": ">= 24.0.0" in engines. The upgraded globals package's minimum Node requirement of Node 18 is fully satisfied by the project's Node 24 environment — there is no actual runtime incompatibility.

fossa-action/package.json

Line 12 in a8e3ea0

"node": ">= 24.0.0"

---

fossabot analyzed this PR using static analysis and dependency research. View this analysis on the web